自动化运维体系

 1. 系统预备

自动化安装操作系统及常用软件包---(PXE kickstart---ks.cfg)

 2. 配置管理

 自动化部署业务系统软件包并完成配置  --- puppet

 远程管理服务器(开关服务等)

 变更回滚

 3. 监控报警   (cacti|nagios|zabbix)

 服务器可用性、性能、安全监控

 向管理员发送报警信息


PXE 无人职守安装(kickstart|Cobbler)

 

工作原理

PXE client的网卡芯片里面内置了dhcp client和tftp client,会从server端下载一个PXE OS(里面有各种安装选项标签),选择特定安装标签后,

会通过tftp传输一个临时内核(vmlinuz/initrd.img),接着传一个ks.cfg自动安装配置文件过去

 

1、客户机可以通过服务端dhcp在获取IP地址,并且dhcpd服务器会告诉客户端tftp服务器IP地址。

2、pxe客户端会从tftp服务器上下载pxelinux.0操作系统和这个操作系统对应的配置文件(default)至本机,在本机上运行pxelinux.0这个操作系统,

     这个操作系统会加载自己的配置文件:default.

     default加载后会弹出一个安装系统选择界面,让用户去选择要安装哪个操作系统

     tftp的作用是实现安装文件UDP快速传输

3、启动第三个临时系统(vmlinuz/initrd.img),构造安装之前的一个临时系统环境,在这里会重新

     获取IP地址,并且会读取ks.cfg这个配置文件

4、nfs/http/ftp用来导出红帽系统安装目录树

5、根据ks.cfg来自动完成操作系统的安装

部署PXE

   1.      Configure the network (NFS, FTP, HTTP) server to export the installation tree.

   2.      Configure the files on the tftp server necessary for PXE booting.

   3.      Configure DHCP.

   4.      Boot the client, and start the installation.

 

 

1 配置服务(NFS, FTP, HTTP) 导出安装树

 

[root@node1 ~]# lftp 192.168.0.254

lftp 192.168.0.254:~> cd notes/iso/

lftp 192.168.0.254:/notes/iso> get rhel-server-6.3-x86_64-dvd.iso

lftp 192.168.0.254:/notes/iso> exit

[root@node1 ~]# vim /etc/fstab

/root/rhel-server-6.3-x86_64-dvd.iso  /mnt/rhel6  iso9660  ro,loop      0 0

[root@node1 ~]# mkdir /mnt/rhel6

[root@node1 ~]# mount -a

本地YUM

[root@node1 ~]# rm -fr /etc/yum.repos.d/*

[root@node1 ~]# vim  /etc/yum.repos.d/local.repo

[local]

name=this's local YUM

baseurl=file:///mnt/rhel6

enabled=1

gpgcheck=0

安装服务

[root@node1 ~]# yum -y install vsftpd httpd

通过ftp发布安装树

[root@node1 ~]# mkdir /var/ftp/pub/rhel6/dvd -p

[root@node1 ~]# vim /etc/fstab

/root/rhel-server-6.3-x86_64-dvd.iso  /var/ftp/pub/rhel6/dvd  iso9660  ro,loop      0 0

[root@node1 ~]# mount -a

[root@node1 ~]# service vsftpd start

[root@node1 ~]# chkconfig vsftpd on

通过http发布安装树

[root@node1 ~]# ln -s /var/ftp/pub/rhel6/dvd/ /var/www/html/rhel6

[root@node1 ~]# service httpd start

[root@node1 ~]# chkconfig httpd on

测试

[root@node1 ~]# wget http://192.168.0.1/rhel6/GPL &> /dev/null  && echo  'HTTP测试成功'

HTTP测试成功

[root@node1 ~]# wget ftp://192.168.0.1/pub/rhel6/dvd/README

2  配置tftp服务(pxe相关的启动文件)

 1> 安装tftp-server

[root@node1 ~]# yum -y install tftp-server

[root@node1 ~]# chkconfig tftp on

[root@node1 ~]# chkconfig xinetd on

[root@node1 ~]# service xinetd start

 2> 安装pxelinux.0操作系统

[root@node1 ~]# yum -y install syslinux

[root@node1 ~]# cp /usr/share/syslinux/pxelinux.0 /var/lib/tftpboot/

 3> pxelinux.0的配置文件(default)

[root@node1 ~]# mkdir /var/lib/tftpboot/pxelinux.cfg/

[root@node1 ~]# cd /var/ftp/pub/rhel6/dvd/isolinux/

[root@node1 isolinux]# cp isolinux.cfg  /var/lib/tftpboot/pxelinux.cfg/default

 4> 拷贝要安装的那个系统版本的内核文件(vmlinuz/initrd.img)

[root@node1 isolinux]# mkdir /var/lib/tftpboot/rhel6.3

[root@node1 isolinux]# cp vmlinuz initrd.img /var/lib/tftpboot/rhel6.3/

 5> 增强图形化菜单

vesamenu.c32  --- 图形菜单编译器

splash.jpg    --- 背景图

boot.msg      --- 字符菜单

[root@node1 isolinux]# cp boot.msg vesamenu.c32 splash.jpg  /var/lib/tftpboot/

3 安装dhcp服务

[root@node1 ~]# yum -y install dhcp

[root@node1 ~]# cp /usr/share/doc/dhcp-4.1.1/dhcpd.conf.sample  /etc/dhcp/dhcpd.conf

cp：是否覆盖"/etc/dhcp/dhcpd.conf"？y

option domain-name "hugo.cc";

option domain-name-servers 192.168.0.1, 8.8.8.8;

default-lease-time 600;

max-lease-time 7200;

log-facility local7;

subnet 192.168.0.0 netmask 255.255.255.0 {

  range 192.168.0.100 192.168.0.110;

  option routers 192.168.0.1;

  option broadcast-address 192.168.0.255;

  next-server 192.168.0.1;  # 找寻tftp服务主机

  filename "pxelinux.0";     # 要下载的PXE引导文件, 须与/var/lib/tftpboot/中的文件名一致

}

[root@node1 ~]# service dhcpd start

[root@node1 ~]# chkconfig dhcpd on

4 通过kickstart工具 生成安装系统的脚本 ks.cfg

[root@node1 ~]# yum -y install system-config-kickstart

/root/ks.cfg

[root@node1 ~]# cat /root/ks.cfg

#platform=x86, AMD64, Intel EM64T

#version=DEVEL

# Firewall configuration

firewall --disabled

# Install OS instead of upgrade

install

# Use network installation

url --url="ftp://192.168.0.1/pub/rhel6/dvd"

# Root password (pre-hashed; a $1$ hash is MD5-crypt, whereas the auth line below selects sha512 -- a $6$ hash would match it)

rootpw --iscrypted $1$.DW5qqTM$NjQgYUCnhuhW2sXM9jcgJ0

# System authorization information

auth  --useshadow  --passalgo=sha512

# Use text mode install

text

firstboot --disable

# System keyboard

keyboard us

# System language

lang zh_CN

# SELinux configuration (disabled for this lab; the bootloader line below also passes selinux=0)

selinux --disabled

# Installation logging level

logging --level=info

# Reboot after installation

reboot

# System timezone

timezone --isUtc Asia/Shanghai

# Network information

network  --bootproto=dhcp --device=eth0 --onboot=on

# System bootloader configuration

bootloader --append="selinux=0" --location=mbr --md5pass="$1$r/9QfvC3$wWRxW4VFEu/WtEY1JKTdR0"

# Clear the Master Boot Record

zerombr

clearpart --all

part /boot --fstype ext4 --size=100

part pv.100000 --size=10000

part swap --size=512

volgroup vg --pesize=32768 pv.100000

logvol /home --fstype ext4 --name=lv_home --vgname=vg --size=480

logvol / --fstype ext4 --name=lv_root --vgname=vg --size=8192

%end

 

%post

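# Replace the installed system's repo files with one pointing at the PXE
# server's install tree (the DVD tree published over FTP above).
rm -fr /etc/yum.repos.d/*
cat > /etc/yum.repos.d/dvd.repo << EOT
[dvd]
name=this's PXE source
baseurl=ftp://192.168.0.1/pub/rhel6/dvd
enabled=1
gpgcheck=0
EOT

# Default to runlevel 5 (graphical login). The expression is quoted so the
# shell cannot glob-expand the [0-9] bracket before sed sees it.
sed -i 's/id:[0-9]:initdefault:/id:5:initdefault:/' /etc/inittab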

%end

 

%packages

@basic-desktop

@chinese-support

@desktop-debugging

@desktop-platform

@development

@fonts

@graphical-admin-tools

@input-methods

@legacy-x

@remote-desktop-clients

@x11

httpd

php

mysql-server

mysql

php-mysql

lftp

ftp

openssh

%end

----------------------------------------------------------

 

<发布ks.cfg文件> 并在default菜单中定义标签, 指定如何获取ks.cfg (ks.cfg经HTTP明文发布, 局域网内任何主机都能读取其中的root密码哈希, 安装完成后应更换root密码)

 

[root@node1 ~]# cp /root/ks.cfg /var/www/html/rhel6.cfg

 

[root@node1 ~]# vim /var/lib/tftpboot/pxelinux.cfg/default

default vesamenu.c32

#prompt 1

timeout 600

display boot.msg

menu background splash.jpg

menu title Welcome to Red Hat Enterprise Linux 6.3!

menu color border 0 #ffffffff #00000000

menu color sel 7 #ffffffff #ff000000

menu color title 0 #ffffffff #00000000

menu color tabmsg 0 #ffffffff #00000000

menu color unsel 0 #ffffffff #00000000

menu color hotsel 0 #ff000000 #ffffffff

menu color hotkey 7 #ffffffff #ff000000

menu color scrollbar 0 #ffffffff #00000000

 

label local

  menu label Boot from ^local drive

  menu default

 localboot 0xffff

 

label linux

  menu label Install RHEL6.3

  menu default

  kernel rhel6.3/vmlinuz

  append initrd=rhel6.3/initrd.img

 

label auto

  menu label Auto RHEL6.3

  kernel rhel6.3/vmlinuz

  append initrd=rhel6.3/initrd.img ks=http://192.168.0.1/rhel6.cfg noipv6

 

label rescue

  menu label ^Rescue installed system

  kernel rhel6.3/vmlinuz

  append initrd=rhel6.3/initrd.img rescue

 

保证局域网内只有一个DHCP服务(否则客户端可能从其它DHCP取得地址, 得不到next-server/filename, 无法进入PXE引导)

配置DNS (named.conf中 recursion yes 加 allow-query { any; } 会向所有能访问192.168.0.1的客户端开放递归查询, 实验网络以外应以 allow-recursion 限制为本网段)

 

 正向解析 hugo.cc

 反向解析 192.168.0.0/24

[root@node1 isolinux]# yum -y install bind

 

[root@node1 ~]# vim /etc/named.conf

options {

        listen-on port 53 { 127.0.0.1; 192.168.0.1; };

        directory       "/var/named";

        dump-file       "/var/named/data/cache_dump.db";

        statistics-file "/var/named/data/named_stats.txt";

        memstatistics-file "/var/named/data/named_mem_stats.txt";

        allow-query     { localhost;  any; };

        recursion yes;

        dnssec-enable no;

        dnssec-validation no;

        dnssec-lookaside auto;

        bindkeys-file "/etc/named.iscdlv.key";

        managed-keys-directory "/var/named/dynamic";

};

[root@node1 ~]# vim /etc/named.rfc1912.zones

 

zone "hugo.cc" IN {

        type master;

        file "hugo.cc.zone";

        allow-update { none; };

};

 

zone "0.168.192.in-addr.arpa" IN {

        type master;

        file "192.168.0.rev";

        allow-update { none; };

};

 

[root@node1 ~]# cd /var/named/

[root@node1 named]# cp -a named.localhost hugo.cc.zone

[root@node1 named]# vim hugo.cc.zone

$TTL 1D

@       IN SOA ns1.hugo.cc. root.hugo.cc. (

                                        10      ; serial

                                        1D      ; refresh

                                        1H      ; retry

                                        1W      ; expire

                                        3H )    ; minimum

@       NS      ns1.hugo.cc.

ns1     A       192.168.0.1

[root@node1 named]# for a in {2..254}; do echo -e "desktop$a\tA\t192.168.0.$a" >> /var/named/hugo.cc.zone ; done

[root@node1 named]# cp hugo.cc.zone 192.168.0.rev -a

 

$TTL 1D

@       IN SOA ns1.hugo.cc. root.hugo.cc. (

                                        10      ; serial

                                        1D      ; refresh

                                        1H      ; retry

                                        1W      ; expire

                                        3H )    ; minimum

@       NS      ns1.hugo.cc.

1       PTR     ns1.hugo.cc.

 

 

[root@node1 named]# for a in {2..254}; do echo -e "$a\tPTR\tdesktop$a.hugo.cc." >> /var/named/192.168.0.rev ; done

[root@node1 named]# service named start

[root@node1 ~]# echo "nameserver 192.168.0.1" >  /etc/resolv.conf

[root@node1 ~]# dig -t axfr hugo.cc

+++++++++++++++++++++++++++++++++++++++++++++++++++++++++

    增加一个标签RHEL5.4

 <导入安装树|生成ks.cfg脚本|拷贝内核文件|添加标签>

 

1. 通过FTP|HTTP|NFS 发布RHEL5.4安装树

mkdir /var/ftp/pub/rhel5.4

mount -o loop /root/rhel-server-5.4-i386-dvd.iso /var/ftp/pub/rhel5.4/

wget ftp://192.168.0.1/pub/rhel5.4/GPL

 

2. 生成rhel5.4的kickstart文件

 

vim /root/ks_rhel5.4.cfg

#platform=x86, AMD64, Intel EM64T

key --skip

# System authorization information

auth  --useshadow  --enablemd5

# System bootloader configuration

bootloader --location=mbr --md5pass=$1$MUnByNpz$WVFU9CQ.cnLdHPjOjfKvO/

# Clear the Master Boot Record

zerombr

# Partition clearing information

clearpart --all --initlabel

# Use text mode install

text

# Firewall configuration

firewall --disabled

# Run the Setup Agent on first boot

firstboot --disable

# System keyboard

keyboard us

# System language

lang en_US

# Installation logging level

logging --level=info

# Use network installation

url --url=ftp://192.168.0.1/pub/rhel5.4

# Network information

network --bootproto=dhcp --device=eth0 --onboot=on

# Reboot after installation

reboot

#Root password

rootpw --iscrypted $1$dTFnL7xR$f6xjhRJbxoKxPt69HLv2V0

 

# SELinux configuration

selinux --disabled

# System timezone

timezone --isUtc Asia/Shanghai

# Install OS instead of upgrade

install

# X Window System configuration information

xconfig  --defaultdesktop=GNOME --depth=8 --resolution=800x600 --startxonboot

# Disk partitioning information

part /boot --bytes-per-inode=4096 --fstype="ext3" --size=100

part / --bytes-per-inode=4096 --fstype="ext3" --size=15000

part swap --bytes-per-inode=4096 --fstype="swap" --size=512

%pre

#clearpart --linux

#part /boot --fstype ext3 --size=200

#part pv.3 --size=20000

#part swap --size=1024

#volgroup vol0 --pesize=32768 pv.3

#logvol / --fstype ext3 --name=root --vgname=vol0 --size=15000

#logvol /home --fstype ext3 --name=home --vgname=vol0 --size=992

%post

# Add the PXE server (which runs the bind configured above) as a resolver.
printf 'nameserver %s\n' '192.168.0.1' >> /etc/resolv.conf

 

 

%packages

@gnome-desktop

@development-libs

@development-tools

@graphical-internet

@graphics

@chinese-support

@editors

lftp

openssh

wget

firefox

elinks

 

拷贝到http的文档根目录(/var/www/html)

cp /root/ks_rhel5.4.cfg /var/www/html/rhel5_4.cfg

 

3 拷贝rhel5.4的内核文件

mkdir /var/lib/tftpboot/rhel5.4/

cd /var/ftp/pub/rhel5.4/isolinux/

cp vmlinuz initrd.img /var/lib/tftpboot/rhel5.4/

 

4 定义RHEL5.4的菜单选项

vim /var/lib/tftpboot/pxelinux.cfg/default

label auto5

  menu label ^Auto RHEL5.4

  kernel rhel5.4/vmlinuz

  append initrd=rhel5.4/initrd.img network noipv6 ks=http://192.168.0.1/rhel5_4.cfg

测试